Trust & Security
This page is maintained by ThebinderLab to answer common security and privacy questions about our shop. It describes current practices and is not an independent certification.
Shared responsibility
ThebinderLab AB operates the storefront and is responsible for how we collect and handle your data. Our hosting and database providers run the underlying infrastructure. You are responsible for keeping your account credentials safe.
Payments
All card payments are processed by Stripe. We never see or store full card numbers, CVCs, or bank credentials. Stripe is PCI-DSS Level 1 certified.
Data in transit and at rest
The site is served over HTTPS. Customer and order data is stored in a managed Postgres database with encryption at rest provided by our hosting partner.
Access control
Customer-facing data is protected by row-level security policies in our database, so users can access only their own orders and account information. Administrative access is limited to a small number of ThebinderLab staff.
Subprocessors
We share data only with the processors we need to run the shop: Stripe (payments), Resend (transactional email), our print and shipping partners, and our hosting/database provider. We do not sell personal data.
Cookies and analytics
Strictly necessary cookies are always on. Analytics and marketing cookies only run after you consent via our cookie banner.
Retention and deletion
Order and tax records are retained for 7 years to meet Swedish legal requirements. Marketing opt-ins are kept until you unsubscribe. See our Privacy Policy for full details and how to request deletion.
Report a vulnerability
If you believe you have found a security issue, please email security@thebinderlab.com. We appreciate responsible disclosure and will respond as quickly as we can.